Identify Risk with the InsightAppSec API

Scans run attacks on the selected URLs in your app to identify weaknesses that could lead to vulnerabilities. The specific attack types, URLs, and many other options are set in the scan configs. After starting scans, you can monitor and manage active scans. Retrieve your scan results to identify risks discovered in the scan.

Run a Scan

Prerequisites

Scan config ID from Create a Scan Config

Operation

POST

URL

https://us.api.insight.rapid7.com/ias/v1/scans

Headers


 
1
X-Api-Key : {{Insight API Key}}
2
Content-Type : application/json

Body


 
1
{
2
  "scan_config": {
3
    "id": "{{Scan Config ID}}"
4
  }
5
}

Expected Response

Status

201 Created

Header

Location : https://us.api.insight.rapid7.com:443/ias/v1/scans/{{Scan ID}}

Retrieve Scan Results

Prerequisites

Scan ID from Run a Scan

Operation POST

URL

https://us.api.insight.rapid7.com/ias/v1/search

Headers


 
1
X-Api-Key : {{Insight API Key}}
2
Content-Type : application/json

Body


 
1
{
2
   "type":"VULNERABILITY",
3
   "query":"vulnerability.scans.id='{{Scan ID}}'"
4
}

Expected Response

Status

200 OK

Body

Details of vulnerabilities found in the scan presented in JSON format.

Additional Resources

To learn more about the API, see the API overview.

Supported Regions

You can change the base URL of the API based on your region. See Supported Regions for a specific base URL based on your location.

Did this page help you?

API Guide

Set Up and Deploy

Support

InsightAppSec release notes